From matta at surveymonkey.com Fri May 1 19:54:48 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Fri, 1 May 2015 19:54:48 +0000
Subject: [rancid] Extra Characters after logging in Arista switches
Message-ID:

Hi, I'm seeing some extra characters appear on the lines after logging in to Arista switches.

Here's an example:

rancid@SITE-tools01:~$ bin/clogin SITE-sw16
SITE-sw16
spawn ssh -c 3des -x -l userremoved SITE-sw16
Password:
Last login: Fri May 1 19:37:19 2015 from 10.1.1.1
^[[0nSITE-sw16#
SITE-sw16#n
% Incomplete command
SITE-sw16#

Yes, the 'n' and control characters above are sic.

And here's the config in .cloginrc if that helps:

## Arista
add method {SITE-sw[16|17|18]*} ssh
add passprompt {SITE-sw[16|17|18]*} {"\[Pp]assword:"}
add user {SITE-sw[16|17|18]*} {userremoved}
add password {SITE-sw[16|17|18]*} {removed}
add noenable {SITE-sw[16|17|18]*} 1
#

The SITE, IP, username and password have been changed to protect the innocent.

Logging in manually with same username and password doesn't do this:

rancid@SITE-tools01:~$ ssh userremoved@SITE-sw16
Password:
Last login: Fri May 1 19:40:44 2015 from 10.1.1.1
SITE-sw16#
SITE-sw16#
SITE-sw16#

We use TAC+ for ALL authentication if that adds any help figuring out this problem.

Thanks, Matt

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jlewis at lewis.org Fri May 1 21:13:32 2015
From: jlewis at lewis.org (Jon Lewis)
Date: Fri, 1 May 2015 17:13:32 -0400 (EDT)
Subject: [rancid] Extra Characters after logging in Arista switches
In-Reply-To:
References:
Message-ID:

IIRC, it's an interaction of the Arista, clogin, and your TERM type. Set your TERM env variable to something "plain" like vt100, and it should stop doing that.

On Fri, 1 May 2015, Matt Almgren wrote:

> Hi, I'm seeing some extra characters appear on the lines after logging in to Arista switches.
>
> Here's an example:
>
> rancid@SITE-tools01:~$ bin/clogin SITE-sw16
> SITE-sw16
> spawn ssh -c 3des -x -l userremoved SITE-sw16
> Password:
> Last login: Fri May 1 19:37:19 2015 from 10.1.1.1
> ^[[0nSITE-sw16#
> SITE-sw16#n
> % Incomplete command
> SITE-sw16#
>
> Yes, the 'n' and control characters above are sic.
>
> And here's the config in .cloginrc if that helps:
>
> ## Arista
> add method {SITE-sw[16|17|18]*} ssh
> add passprompt {SITE-sw[16|17|18]*} {"\[Pp]assword:"}
> add user {SITE-sw[16|17|18]*} {userremoved}
> add password {SITE-sw[16|17|18]*} {removed}
> add noenable {SITE-sw[16|17|18]*} 1
> #
>
> The SITE, IP, username and password have been changed to protect the innocent.
>
> Logging in manually with same username and password doesn't do this:
>
> rancid@SITE-tools01:~$ ssh userremoved@SITE-sw16
> Password:
> Last login: Fri May 1 19:40:44 2015 from 10.1.1.1
> SITE-sw16#
> SITE-sw16#
> SITE-sw16#
>
> We use TAC+ for ALL authentication if that adds any help figuring out this problem.
>
> Thanks, Matt
>

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

From heas at shrubbery.net Sat May 2 15:28:59 2015
From: heas at shrubbery.net (heasley)
Date: Sat, 2 May 2015 15:28:59 +0000
Subject: [rancid] Extra Characters after logging in Arista switches
In-Reply-To:
References:
Message-ID: <20150502152859.GB80520@shrubbery.net>

Fri, May 01, 2015 at 05:13:32PM -0400, Jon Lewis:
> IIRC, it's an interaction of the Arista, clogin, and your TERM type. Set
> your TERM env variable to something "plain" like vt100, and it should
> stop doing that.

it probably is caused by the terminal setting. you can try hlogin with the arista, or if collections work, set it to the TERM setting from rancid.conf.

> On Fri, 1 May 2015, Matt Almgren wrote:
>
> > Hi, I'm seeing some extra characters appear on the lines after logging in to Arista switches.
> >
> > Here's an example:
> >
> > rancid@SITE-tools01:~$ bin/clogin SITE-sw16
> > SITE-sw16
> > spawn ssh -c 3des -x -l userremoved SITE-sw16
> > Password:
> > Last login: Fri May 1 19:37:19 2015 from 10.1.1.1
> > ^[[0nSITE-sw16#
> > SITE-sw16#n
> > % Incomplete command
> > SITE-sw16#
> >
> > Yes, the 'n' and control characters above are sic.
> >
> > And here's the config in .cloginrc if that helps:
> >
> > ## Arista
> > add method {SITE-sw[16|17|18]*} ssh
> > add passprompt {SITE-sw[16|17|18]*} {"\[Pp]assword:"}
> > add user {SITE-sw[16|17|18]*} {userremoved}
> > add password {SITE-sw[16|17|18]*} {removed}
> > add noenable {SITE-sw[16|17|18]*} 1
> > #
> >
> > The SITE, IP, username and password have been changed to protect the innocent.
> >
> > Logging in manually with same username and password doesn't do this:
> >
> > rancid@SITE-tools01:~$ ssh userremoved@SITE-sw16
> > Password:
> > Last login: Fri May 1 19:40:44 2015 from 10.1.1.1
> > SITE-sw16#
> > SITE-sw16#
> > SITE-sw16#
> >
> > We use TAC+ for ALL authentication if that adds any help figuring out this problem.
> >
> > Thanks, Matt
> >
>
> ----------------------------------------------------------------------
>  Jon Lewis, MCP :)           |  I route
>                              |  therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From KevinLiu at m800.com Mon May 4 08:13:25 2015
From: KevinLiu at m800.com (Kevin Liu)
Date: Mon, 4 May 2015 08:13:25 +0000
Subject: [rancid] Some problem with rancid-run script
In-Reply-To: <20150502154106.GE80520@shrubbery.net>
References: <20150420145008.GB88638@shrubbery.net> <20150423142221.GE10805@shrubbery.net> <20150430171625.GA9903@shrubbery.net> <20150501201113.GL54055@shrubbery.net> <20150502154106.GE80520@shrubbery.net>
Message-ID:

Could someone help on this?
And, is Huawei product supported in Rancid? I know some users have the profile.

Thanks,
Kevin

-----Original Message-----
From: Heasley [mailto:heas at shrubbery.net]
Sent: Saturday, May 02, 2015 11:41 PM
To: Kevin Liu
Cc: Heasley; rancid at shrubbery.net
Subject: Re: Some problem with rancid-run script

Sat, May 02, 2015 at 12:46:08PM +0000, Kevin Liu:
> And still, some routers listed in routers.up.
> But failed to get the config.
> Although, cloginrc running is ok.
> What's up?

you need to write to rancid-discuss. the user community will help you.

From matta at surveymonkey.com Tue May 5 18:11:50 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Tue, 5 May 2015 18:11:50 +0000
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID:

What are the available options, if any, to using non-cleartext passwords for Rancid in the .cloginrc file? We also use TAC+ as the backend AAA.

This wasn't a huge concern for me until I realized that it goes against some of the PCI compliance regulations about storing passwords in the clear.

Thanks, Matt

From matta at surveymonkey.com Tue May 5 18:38:13 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Tue, 5 May 2015 18:38:13 +0000
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
Message-ID:

BTW, I have read some interesting replies in the mailing list archives:

If your poller is not secure it doesn't matter what authentication method you use. So while you could for some platforms set up .shosts or RSA authorized keys, it doesn't really accomplish anything.

And

If something automated is going to log into a router, it needs an authentication credential. That's going to have to be stored somewhere. If you store it encrypted, then you're going to need to store the decryption key somewhere. All that does is rearrange the exposure, not solve it.

And

If you use a TACACS server for authentication, then you could do some interesting things to make the passwords RANCID uses less useful to outsiders - for example, the TACACS server could only allow the RANCID username to be used from the RANCID host, or during certain times of day, or only allow it to execute a limited subset of commands.

I'm just wondering if there's any new information or ideas.

Thanks, Matt

From: Matt Almgren
Date: Tuesday, May 5, 2015 at 11:11 AM
To: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] Alternatives to cleartext password in .cloginrc ?

What are the available options, if any, to using non-cleartext passwords for Rancid in the .cloginrc file? We also use TAC+ as the backend AAA.

This wasn't a huge concern for me until I realized that it goes against some of the PCI compliance regulations about storing passwords in the clear.

Thanks, Matt

From daniel.schmidt at wyo.gov Tue May 5 20:25:45 2015
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Tue, 5 May 2015 14:25:45 -0600
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID:

Use tacacs - use do_auth. Make rancid user that can only type a few commands and only when logged in from that IP. If somebody gets my rancid password, it's practically useless.

http://www.tacacs.org/tacacsplus/2011/03/02/securing-rancid-with-do_auth

On Tue, May 5, 2015 at 12:38 PM, Matt Almgren wrote:

>
> BTW, I have read some interesting replies in the mailing list archives:
>
> *If your poller is not secure it doesn't matter what authentication method
> you use.* So while you could for some platforms set up .shosts or RSA
> authorized keys, it doesn't really accomplish anything.
>
> And
>
> If something automated is going to log into a router, it needs an
> authentication credential. That's going to have to be stored somewhere. If
> you store it encrypted, then you're going to need to store the decryption
> key somewhere. *All that does is rearrange the exposure, not solve it.*
>
> And
>
> If you *use a TACACS server for authentication, then you could do some interesting things to make the passwords RANCID uses less useful to outsiders* - for example, the TACACS server could only allow the RANCID username to be used from the RANCID host, or during certain times of day, or only allow it to execute a limited subset of commands.
>
> I'm just wondering if there's any new information or ideas.
>
> Thanks, Matt
>
> From: Matt Almgren
> Date: Tuesday, May 5, 2015 at 11:11 AM
> To: "rancid-discuss at shrubbery.net"
> Subject: Re: [rancid] Alternatives to cleartext password in .cloginrc ?
>
> What are the available options, if any, to using non-cleartext
> passwords for Rancid in the .cloginrc file? We also use TAC+ as the
> backend AAA.
>
> This wasn't a huge concern for me until I realized that it goes against
> some of the PCI compliance regulations about storing passwords in the
> clear.
>
> Thanks, Matt
>

--
E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.

From lee.e.rian at census.gov Tue May 5 21:02:21 2015
From: lee.e.rian at census.gov (Lee Rian (CENSUS/TCO FED))
Date: Tue, 5 May 2015 21:02:21 +0000
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID: <1430859741321.13376@census.gov>

I know one person that installed Rancid on an encrypted USB drive. It doesn't eliminate the risk of cleartext passwords in .cloginrc but it does reduce the exposure.

Regards,
Lee

________________________________
From: Rancid-discuss on behalf of Matt Almgren
Sent: Tuesday, May 5, 2015 2:38 PM
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Alternatives to cleartext password in .cloginrc ?

BTW, I have read some interesting replies in the mailing list archives:

If your poller is not secure it doesn't matter what authentication method you use. So while you could for some platforms set up .shosts or RSA authorized keys, it doesn't really accomplish anything.

And

If something automated is going to log into a router, it needs an authentication credential. That's going to have to be stored somewhere. If you store it encrypted, then you're going to need to store the decryption key somewhere. All that does is rearrange the exposure, not solve it.

And

If you use a TACACS server for authentication, then you could do some interesting things to make the passwords RANCID uses less useful to outsiders - for example, the TACACS server could only allow the RANCID username to be used from the RANCID host, or during certain times of day, or only allow it to execute a limited subset of commands.

I'm just wondering if there's any new information or ideas.

Thanks, Matt

From: Matt Almgren
Date: Tuesday, May 5, 2015 at 11:11 AM
To: "rancid-discuss at shrubbery.net"
Subject: Re: [rancid] Alternatives to cleartext password in .cloginrc ?

What are the available options, if any, to using non-cleartext passwords for Rancid in the .cloginrc file? We also use TAC+ as the backend AAA.

This wasn't a huge concern for me until I realized that it goes against some of the PCI compliance regulations about storing passwords in the clear.

Thanks, Matt

From rdrake at direcpath.com Tue May 5 18:57:37 2015
From: rdrake at direcpath.com (rdrake)
Date: Tue, 5 May 2015 14:57:37 -0400
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID: <554912A1.7080605@direcpath.com>

On 05/05/2015 02:38 PM, Matt Almgren wrote:
>
> BTW, I have read some interesting replies in the mailing list archives:
>
> *If your poller is not secure it doesn't matter what authentication
> method you use.* So while you could for some platforms set up
> .shosts or RSA authorized keys, it doesn't really accomplish anything.
>
> And
>
> If something automated is going to log into a router, it needs an
> authentication credential. That's going to have to be stored
> somewhere. If you store it encrypted, then you're going to need to
> store the decryption key somewhere. *All that does is rearrange the
> exposure, not solve it.*
>
> And
>
> If you *use a TACACS server for authentication, then you could do some interesting things to make the passwords RANCID uses less useful to outsiders* - for example, the TACACS server could only allow the RANCID username to be used from the RANCID host, or during certain times of day, or only allow it to execute a limited subset of commands.
>
> I'm just wondering if there's any new information or ideas.
>
> Thanks, Matt
>

If you're okay with not using Expect, you could use my perl tel script:

https://github.com/rfdrake/tel

It supports storing the password in Keepass and Keyrings (Gnome, KDE and MacOS).

I honestly recommend you stick with clogin on a very secure machine for rancid, but for interactive logins in a NOC environment I would recommend doing something with a keyring or password vault. Yes, you do need to store the decryption key somewhere, but that should be only in a protected memory space that only that user and superuser could access. Obviously you'll need to tailor your security to your own environment and needs.

Alternatives to this:

If you need one time keys and all your routers support them then tacacs will also do this (I think. I'm not sure how you would go about setting up rancid to use it but I imagine it would be cumbersome. I would just bypass it for rancid use).

If all your routers support ssh user keys then you should use them and use passphrases to protect security. Revocation can happen through whatever means the router supports (something custom I suspect, but maybe puppet on some boxes?).

At one point in time I thought about modifying tacacs to support ssh user key distribution (so on a login request it would ask the tacacs server for the users public key). I ended up getting distracted.

From alan.mckinnon at gmail.com Wed May 6 07:33:45 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Wed, 06 May 2015 09:33:45 +0200
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID: <5549C3D9.7040603@gmail.com>

On 05/05/2015 20:11, Matt Almgren wrote:
>
> What are the available options, if any, to using non-cleartext passwords
> for Rancid in the .cloginrc file? We also use TAC+ as the backend AAA.
>
> This wasn't a huge concern for me until I realized that it goes against
> some of the PCI compliance regulations about storing passwords in the
> clear.

Unfortunately some of those rules and regulations are subject to far too much FUD and cargo-culting. The original intent is obvious - don't store user's login creds in cleartext on the host that delivers the service. Much the same as how we now hash passwords strongly and put them in /etc/shadow.

.cloginrc is an entirely different kettle of fish, a completely different problem altogether. The only way to log into the network device is with a password as the vendor doesn't offer anything else. Therefore something needs to know what the password is and needs to be able to render it in plaintext.

You could encrypt .cloginrc somehow, but the automated system still needs the decryption key and at some point that key needs to be plaintext. So as you said in your other mail, all "solutions" to this problem just shuffle it around in obfuscating ways.

What I did was get my Risk Officer's backing for my security measures, and that satisfied the Compliance people. All we did was the ordinary:

- access to the rancid server was closely controlled and only the team managing it had access. Login by ssh key only. A system was in place to automate account add/remove as people moved around.

- Only the rancid user could read .cloginrc (done by file permissions) and the human user had to use sudo -i to become rancid, controlled by /etc/sudoers

- it was the responsibility of NetOps to ensure all rancid-polled devices were Tacacs-enabled, and we controlled the tacacs accounts which had strong passwords, a strong hashing system in tac_plus.conf, and the account was locked down to the exact set of commands that rancid runs

- The tacacs and rancid servers were located in the network management range which was monitored by several teams due to its sensitive nature

There were a few other details, but you get the gist - use the ordinary proven techniques to protect your system.

--
Alan McKinnon
alan.mckinnon at gmail.com

From el.es.cr at gmail.com Wed May 6 15:05:52 2015
From: el.es.cr at gmail.com (Lukasz Sokol)
Date: Wed, 06 May 2015 16:05:52 +0100
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID:

On 05/05/15 19:38, Matt Almgren wrote:
>
> What are the available options, if any, to using non-cleartext
> passwords for Rancid in the .cloginrc file? We also use TAC+ as the
> backend AAA.

I've no TAC+, but

>
> This wasn't a huge concern for me until I realized that it goes
> against some of the PCI compliance regulations about storing
> passwords in the clear.

Did you consider rancid over ssh private/public key pairs
(do your devices support ssh, in the first place)?

>
> Thanks, Matt
>

HTH
Lukasz

From matta at surveymonkey.com Wed May 6 15:19:52 2015
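The file-permission and ownership control that Alan McKinnon's message describes for .cloginrc, as an added example that is not part of the thread or of RANCID: a Python audit that checks mode, owner and parent directory, and lists which host patterns carry a stored password without returning the secret. The sample file is constructed from the excerpt quoted earlier in the thread; the function names and the simplified `add password` regex are assumptions of this sketch.

```python
import os
import re
import shutil
import stat
import tempfile

# Constructed sample, modelled on the .cloginrc excerpt quoted in the thread.
SAMPLE_CLOGINRC = """\
## Arista
add method {SITE-sw[16|17|18]*} ssh
add user {SITE-sw[16|17|18]*} {userremoved}
add password {SITE-sw[16|17|18]*} {removed}
add noenable {SITE-sw[16|17|18]*} 1
# add password {old-rtr*} {stale}
"""

# Assumption: simplified match for "add password <pattern> ..." lines. It does
# not implement full Tcl quoting, only braced or bare host patterns.
ADD_PASSWORD = re.compile(r"^\s*add\s+password\s+(\{[^}]*\}|\S+)")


def password_patterns(text):
    """Host globs that have a stored password; the secret is never returned."""
    found = []
    for line in text.splitlines():
        match = ADD_PASSWORD.match(line)   # commented-out lines do not match
        if match:
            found.append(match.group(1).strip("{}"))
    return found


def audit_cloginrc(path, expected_uid=None):
    """Return findings for one .cloginrc; an empty list means it passed."""
    if expected_uid is None:
        expected_uid = os.geteuid()        # assumption: run as the rancid user
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink; audit the target instead"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the file; want 0600" % mode)
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & 0o022:
        findings.append("parent directory is group/other writable; file can be replaced")
    return findings


def demo():
    """Audit the sample with a loose mode, then again after chmod 0600."""
    workdir = tempfile.mkdtemp()           # mkdtemp creates the directory 0700
    try:
        path = os.path.join(workdir, ".cloginrc")
        with open(path, "w") as handle:
            handle.write(SAMPLE_CLOGINRC)
        os.chmod(path, 0o644)
        before = audit_cloginrc(path)
        os.chmod(path, 0o600)
        after = audit_cloginrc(path)
    finally:
        shutil.rmtree(workdir)
    return before, after, password_patterns(SAMPLE_CLOGINRC)


if __name__ == "__main__":
    loose, tight, patterns = demo()
    print("0644:", loose)
    print("0600:", tight)
    print("patterns with stored passwords:", patterns)
```

Run from cron as the rancid user, a non-empty findings list is the signal to alert on; the pattern list gives the set of device groups whose TACACS account password needs rotating if the file was ever exposed.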
From: matta at surveymonkey.com (Matt Almgren)
Date: Wed, 6 May 2015 15:19:52 +0000
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID:

Ssh keys are still on the table and that is one of the alternatives. However, I'd like to use TAC+ as well for authorization and accounting.

However, I'm not finding too much information for incorporating TAC+ with SSH keys. If we went that route, that would probably solve most of our issues - albeit more of a headache to roll out.

Thanks, Matt

On 5/6/15, 8:05 AM, "Lukasz Sokol" wrote:

>On 05/05/15 19:38, Matt Almgren wrote:
>>
>> What are the available options, if any, to using non-cleartext
>> passwords for Rancid in the .cloginrc file? We also use TAC+ as the
>> backend AAA.
>
>I've no TAC+, but
>
>>
>> This wasn't a huge concern for me until I realized that it goes
>> against some of the PCI compliance regulations about storing
>> passwords in the clear.
>
>Did you consider rancid over ssh private/public key pairs
>(do your devices support ssh, in the first place)?
>
>>
>> Thanks, Matt
>>
>
>HTH
>Lukasz
>

From matta at surveymonkey.com Wed May 6 15:40:38 2015
From: matta at surveymonkey.com (Matt Almgren)
Date: Wed, 6 May 2015 15:40:38 +0000
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To: <554A33DA.1090901@gmail.com>
References: <554A33DA.1090901@gmail.com>
Message-ID:

I'm just curious, if you're not using TAC+ or RADIUS, how do you manage authorization (user levels, permissions per device, etc)?

Thanks, Matt

On 5/6/15, 8:31 AM, "Lukasz Sokol" wrote:

>On 06/05/15 16:19, Matt Almgren wrote:
>> Ssh keys are still on the table and that is one of the alternatives.
>
>They are relatively easy to roll out on rancid by itself - I did it after some
>googling, and it wasn't too bad... (key based ident is mentioned in one of the articles
>that pop up when googling for rancid and ssh... adapted a bit to my debian needs and that's
>it, all it really needed.)
>
>> However, I'd like to use TAC+ as well for authorization and accounting.
>
>However I've no notion or knowledge of TAC+ sorry...
>
>>
>> However, I'm not finding too much information for incorporating TAC+ with
>> SSH keys. If we went that route, that would probably solve most of our
>> issues - albeit more of a headache to roll out.
>>
>> Thanks, Matt
>>
>
>el es

From el.es.cr at gmail.com Wed May 6 15:31:38 2015
From: el.es.cr at gmail.com (Lukasz Sokol)
Date: Wed, 06 May 2015 16:31:38 +0100
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To:
References:
Message-ID: <554A33DA.1090901@gmail.com>

On 06/05/15 16:19, Matt Almgren wrote:
> Ssh keys are still on the table and that is one of the alternatives.

They are relatively easy to roll out on rancid by itself - I did it after some googling, and it wasn't too bad... (key based ident is mentioned in one of the articles that pop up when googling for rancid and ssh... adapted a bit to my debian needs and that's it, all it really needed.)

> However, I'd like to use TAC+ as well for authorization and accounting.

However I've no notion or knowledge of TAC+ sorry...

>
> However, I'm not finding too much information for incorporating TAC+ with
> SSH keys. If we went that route, that would probably solve most of our
> issues - albeit more of a headache to roll out.
>
> Thanks, Matt
>

el es

From heas at shrubbery.net Wed May 6 16:14:49 2015
From: heas at shrubbery.net (heasley)
Date: Wed, 6 May 2015 16:14:49 +0000
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To: <554A33DA.1090901@gmail.com>
References: <554A33DA.1090901@gmail.com>
Message-ID: <20150506161449.GA66171@shrubbery.net>

Wed, May 06, 2015 at 04:31:38PM +0100, Lukasz Sokol:
> On 06/05/15 16:19, Matt Almgren wrote:
> > Ssh keys are still on the table and that is one of the alternatives.
>
> They are relatively easy to roll out on rancid by itself - I did it after some
> googling, and it wasn't too bad... (key based ident is mentioned in one of the articles
> that pop up when googling for rancid and ssh... adapted a bit to my debian needs and that's
> it, all it really needed.)

the passphrase is still stored somewhere. although interactive users could use ssh-agent.

From rancid at gheek.net Wed May 6 18:41:46 2015
From: rancid at gheek.net (Lance Vermilion)
Date: Wed, 6 May 2015 11:41:46 -0700
Subject: [rancid] Alternatives to cleartext password in .cloginrc ?
In-Reply-To: <20150506161449.GA66171@shrubbery.net>
References: <554A33DA.1090901@gmail.com> <20150506161449.GA66171@shrubbery.net>
Message-ID:

For user access (not config backup) of rancid scripts a simple work around I am (sometime soon) implementing a script that does a find/replace in the .cloginrc. The password stored in the .cloginrc is in base64 format so not clear text. This means I will also patch rancid to decode the password encoded in base64. Each time the user logs in they will need to enact this script that does the updating of the .cloginrc because at logout/login the .cloginrc is set back to variables (for easy find and replace).

This solution will not work for everyone but it will for me.

On May 6, 2015 9:14 AM, "heasley" wrote:
>
> Wed, May 06, 2015 at 04:31:38PM +0100, Lukasz Sokol:
> > On 06/05/15 16:19, Matt Almgren wrote:
> > > Ssh keys are still on the table and that is one of the alternatives.
> >
> > They are relatively easy to roll out on rancid by itself - I did it after some
> > googling, and it wasn't too bad... (key based ident is mentioned in one of the articles
> > that pop up when googling for rancid and ssh... adapted a bit to my debian needs and that's
> > it, all it really needed.)
>
> the passphrase is still stored somewhere. although interactive users could
> use ssh-agent.

From Scott.Foster at MerrickBank.com Wed May 6 22:01:11 2015
From: Scott.Foster at MerrickBank.com (Scott Foster)
Date: Wed, 6 May 2015 22:01:11 +0000
Subject: [rancid] Brocade 6910 switch...
Message-ID: <7EDDE3B155AD8D4EA602ECB7C94B8D314EA92F76@IT032V.mbc.com>

Does anyone have a script that will backup a Brocade 6910 switch? The switch's CLI is slightly different than a typical Foundry/Brocade configuration. For instance, to get to configuration mode you type "config" versus "config t" on a typical Foundry/Brocade switch.

Scott

____________

This e-mail and any files transmitted with it are confidential, and are intended solely for the use of the intended recipient. If you are not the intended recipient, or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error, and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please return it to the sender at Merrick Bank, and delete it from your computer.

Although Merrick Bank attempts to sweep e-mail and attachments for viruses, it does not guarantee that they are virus-free, and accepts no liability for any damage sustained as a result.

From Scott.Foster at MerrickBank.com Wed May 6 22:40:18 2015
From: Scott.Foster at MerrickBank.com (Scott Foster)
Date: Wed, 6 May 2015 22:40:18 +0000
Subject: [rancid] Vdxrancid contributed script on working on my Brocade VDX
Message-ID: <7EDDE3B155AD8D4EA602ECB7C94B8D314EA930C0@IT032V.mbc.com>

I have been trying to get the below contributed script for a Brocade VDX switch to work on my VDX 6710, 6720 and 6740 switches. I have listed the URL to the contributed script below.

https://code.google.com/p/vdxrancid/source/browse/trunk/vdxrancid?spec=svn2&r=2

When I execute the vdxrancid script I get the error: "End of run not found"

I've validated that I have implemented the script and modified my files as needed (someone also check this as well). We can't find anything that would be causing this. The only thing that we might have found is that when you perform a "show run" at the command prompt that there is no 'end' at the end of the configuration. I'm thinking this might be problem and that rancid is hitting the end of the config, but doesn't know if it is the end or not.

We are running code 4.1.3a. I'm hoping that someone might be able to help.

Scott

From scott.granados at gmail.com Wed May 6 19:40:58 2015
From: scott.granados at gmail.com (Scott Granados)
Date: Wed, 6 May 2015 15:40:58 -0400
Subject: [rancid] blank log files on initial install
Message-ID: <113BBDF2-3D70-4481-838F-C967805FD936@gmail.com>

Hi, this may be a very n00by question but googling hasn't helped so I thought I'd ask here. I just installed a fresh copy of rancid-3.2. Admittedly my previous attempt has been using yum or apt-get to install rancid 2.3.6 but this time I downloaded the source and compiled. There were no errors during compilation.

When I run rancid-run the process exits very quickly and the generated log files for each group show a start and end with no text in-between. However, if I run the clogin command with a router name it logs in fine and drops me in to the network element. What should I check to diagnose the lack of configs being pulled and the totally empty logs other than the words start and end. Any pointers would be most appreciated.

Thank you
Scott

From lind108 at hotmail.com Thu May 7 01:08:07 2015
From: lind108 at hotmail.com (Kenneth)
Date: Wed, 6 May 2015 21:08:07 -0400
Subject: [rancid] blank log files on initial install
Message-ID:

An HTML attachment was scrubbed...
URL:

From nick at buraglio.com Wed May 6 23:15:27 2015
From: nick at buraglio.com (Nick Buraglio)
Date: Wed, 6 May 2015 18:15:27 -0500
Subject: [rancid] Vdxrancid contributed script on working on my Brocade VDX
In-Reply-To: <7EDDE3B155AD8D4EA602ECB7C94B8D314EA930C0@IT032V.mbc.com>
References: <7EDDE3B155AD8D4EA602ECB7C94B8D314EA930C0@IT032V.mbc.com>
Message-ID:

I wrote that quite a while ago (2012) when the vdx was really new, I suspect the output may have changed. I don't have any vdx to test against any longer. Another data point is that I never tested it with the newest rancid which has a very different framework for adding new devices.

On Wednesday, May 6, 2015, Scott Foster wrote:

> I have been trying to get the below contributed script for a Brocade VDX
> switch to work on my VDX 6710, 6720 and 6740 switches. I have listed the
> URL to the contributed script below.
>
> https://code.google.com/p/vdxrancid/source/browse/trunk/vdxrancid?spec=svn2&r=2
>
> When I execute the vdxrancid script I get the error: "End of run not
> found"
>
> I've validated that I have implemented the script and modified my files as
> needed (someone also check this as well). We can't find anything that
> would be causing this. The only thing that we might have found is that when
> you perform a "show run" at the command prompt that there is no 'end' at
> the end of the configuration. I'm thinking this might be problem and that
> rancid is hitting the end of the config, but doesn't know if it is the end
> or not.
>
> We are running code 4.1.3a. I'm hoping that someone might be able to help.
>
> Scott
>

From scott.granados at gmail.com Thu May 7 12:24:22 2015
From: scott.granados at gmail.com (Scott Granados)
Date: Thu, 7 May 2015 08:24:22 -0400
Subject: [rancid] blank log files on initial install
In-Reply-To:
References:
Message-ID: <4CE095F9-FFC7-4B0A-99E4-D85808255770@gmail.com>

Wow I saw no mention of that in the doc. I will give this a try. I think I may have a ? missing in my config as well after coming back to this with some sleep this morning. I will give both a try and thank you much for the pointer.

On May 6, 2015, at 9:08 PM, Kenneth wrote:

> Check your router.db file and ensure you're using the correct delimiter. I had the same problem when I first upgraded to 3.1 and it took me far too long to find that you need to use a semicolon instead of a colon (a little RTFM and some hair pulling helped) and I experienced the same problem you describe.
>
> Example router.db entry for 3.1+ (to allow for IPv6 addressing):
>
> Hostname;cisco;up
>
> On May 6, 2015 20:57, Scott Granados wrote:
> Hi, this may be a very n00by question but googling hasn't helped so I thought I'd ask here. I just installed a fresh copy of rancid-3.2. Admittedly my previous attempt has been using yum or apt-get to install rancid 2.3.6 but this time I downloaded the source and compiled. There were no errors during compilation.
> When I run rancid-run the process exits very quickly and the generated log files for each group show a start and end with no text in-between. However, if I run the clogin command with a router name it logs in fine and drops me in to the network element. What should I check to diagnose the lack of configs being pulled and the totally empty logs other than the words start and end. Any pointers would be most appreciated.
>
> Thank you
> Scott

From dmcgill at youngliving.com Wed May 6 19:22:07 2015
From: dmcgill at youngliving.com (Daren McGill)
Date: Wed, 6 May 2015 19:22:07 +0000
Subject: [rancid] cisco 4516 backup issue
Message-ID:

So I have followed all of the trouble shooting steps in the FAQ as stated below.

If I run the following command all works well and I get the file and output I am looking for rancid -d -t cisco slc-core02.

If I run the rancid-run -r slc-core02 I get the following in the log message

slc-core02: missed cmd(s): all commands
slc-core02 clogin error: Error: Connection closed (ssh): slc-core02
slc-core02: End of run not found

This was working with no issues and now has not been backing up. It is still working for all other routers in the router.db the entry for these is simple and should be fine

slc-core02;cisco;up

any advice or options to try and get this working again would be appreciated.

Thanks
Daren

Q. I have a (set of) device(s) on which collection fails. How can I debug this?
A. Our usual diagnostic procedure for this is:

   - Make sure that the appropriate *login (example: clogin for cisco) works. This tests to make sure you don't have routing or firewall issues, DNS or hostname errors, that your .cloginrc is correct, your banner does not have some character that *login does not like, and that the *login script doesn't have a bug of some sort. For example:

        clogin cisco_router

     Should login to cisco_router and produce a router prompt that you can use normally, as if clogin were not used (i.e.: telnet cisco_router).

   - See if commands can be executed on the router via clogin. This will exercise the *login functionality needed for rancid. For example:

        clogin -c 'show version; show diag' cisco_router

     Should login to cisco_router, run show version and show diag, then disconnect and exit. The output will be displayed on your terminal.

   - Then see if the correct rancid commands work against the router. For example:

        rancid cisco_router

     Should produce a cisco_router.new file (cooked to a golden rancid-style colour) in the current directory. If it does not, try again with the -d option, so that the cisco_router.new file will not be removed if an error is detected.

   Note: if you have NOPIPE set in your environment, a cisco_router.raw file will be produced that is the raw output of the dialogue with the device.

   If all of these work, make sure that the device's entry in the group's router.db file is correct and check the group's last log file for errors.

From bhart at unifiedbrands.net Thu May 7 14:11:28 2015
From: bhart at unifiedbrands.net (Hart, Benjamin)
Date: Thu, 7 May 2015 14:11:28 +0000
Subject: [rancid] blank config files
Message-ID:

So I followed the setup here: http://ciscoskills.net/2015/01/03/install-rancid-and-viewvc-on-centos-7/

I get no errors, the log files are empty after each rancid-run. However clogin x.x.x.x connected, enables and gives me an ssh prompt, responded to commands like sh run. This is indeed on CentOS 7, rancid 3.2.

Thanks

From scott.granados at gmail.com Thu May 7 16:36:55 2015
From: scott.granados at gmail.com (Scott Granados)
Date: Thu, 7 May 2015 12:36:55 -0400
Subject: [rancid] blank log files on initial install
In-Reply-To:
References:
Message-ID:

This was the exact problem. I switched to using ; delimiters and it worked great.

Thank you. Your help was very much appreciated.

On May 6, 2015, at 9:08 PM, Kenneth wrote:

> Check your router.db file and ensure you're using the correct delimiter. I had the same problem when I first upgraded to 3.1 and it took me far too long to find that you need to use a semicolon instead of a colon (a little RTFM and some hair pulling helped) and I experienced the same problem you describe.
>
> Example router.db entry for 3.1+ (to allow for IPv6 addressing):
>
> Hostname;cisco;up
>
> On May 6, 2015 20:57, Scott Granados wrote:
> Hi, this may be a very n00by question but googling hasn't helped so I thought I'd ask here. I just installed a fresh copy of rancid-3.2. Admittedly my previous attempt has been using yum or apt-get to install rancid 2.3.6 but this time I downloaded the source and compiled. There were no errors during compilation.
> When I run rancid-run the process exits very quickly and the generated log files for each group show a start and end with no text in-between. However, if I run the clogin command with a router name it logs in fine and drops me in to the network element. What should I check to diagnose the lack of configs being pulled and the totally empty logs other than the words start and end. Any pointers would be most appreciated.
>
> Thank you
> Scott

From scott.granados at gmail.com Thu May 7 17:10:36 2015
From: scott.granados at gmail.com (Scott Granados)
Date: Thu, 7 May 2015 13:10:36 -0400
Subject: [rancid] blank config files
In-Reply-To:
References:
Message-ID: <347F1F38-6395-4CE1-BC08-7A3A76306749@gmail.com>

This is the exact problem I had and Kenneth set me straight. In your routers.db file make sure you use a ; instead of a : so for example

bobsrouter.bobu.edu;juniper;up

The normal method previously was to use a : but that no longer does the trick. You'll have the exact symptoms that you're expressing.

Thanks
Scott

On May 7, 2015, at 10:11 AM, Hart, Benjamin wrote:

> So I followed the setup here: http://ciscoskills.net/2015/01/03/install-rancid-and-viewvc-on-centos-7/
> I get no errors, the log files are empty after each rancid-run. However clogin x.x.x.x connected, enables and gives me an ssh prompt, responded to commands like sh run. This is indeed on CentOS 7, rancid 3.2.
> Thanks

From scott.granados at gmail.com Thu May 7 18:32:03 2015
From: scott.granados at gmail.com (Scott Granados)
Date: Thu, 7 May 2015 14:32:03 -0400
Subject: [rancid] question about backup on PaloAlto firewalls
Message-ID:

So the interesting thing is I have this working well under 2.3.6 but 3.2 seems quite different without a lot of documentation to show the differences so I hope someone can help.

I am trying to backup a Paloalto Networks firewall and ending up with blank files and the following log output.

starting: Thu May 7 14:08:48 EDT 2015

/usr/local/rancid/bin/control_rancid: 363: /usr/local/rancid/bin/control_rancid: -t: not found
svn: warning: 'paloalto-01-prod-na-02.abc.com' is already under version control
Added paloalto-01-prod-na-02.abc.com
svn: warning: 'paloalto-02-prod-na-02.abc.com' is already under version control
Added paloalto-02-prod-na-02.abc.com

Trying to get all of the configs.
paloalto-02-prod-na-02.abc.com: missed cmd(s): all commands
paloalto-02-prod-na-02.abc.com: End of run not found
paloalto-01-prod-na-02.abc.com: missed cmd(s): all commands
paloalto-01-prod-na-02.abc.com: End of run not found
=====================================
Getting missed routers: round 1.
paloalto-01-prod-na-02.abc.com: missed cmd(s): all commands
paloalto-01-prod-na-02.abc.com: End of run not found
paloalto-02-prod-na-02.abc.com: missed cmd(s): all commands
paloalto-02-prod-na-02.abc.com: End of run not found
=====================================

I tried uploading my pan rancid file with no luck, doesn't seem like it's called. I also see the rancid-fe file has changed and there's no more %vendortable to set. I set

hostname;paloalto;up

in the router.db and ensured that it matched the paloalto in rancid.types.conf which seems to be where the vendor data is stored.

What have I missed, any ideas would be most helpful. The panlogin process is successful when testing that way.

Thanks
Scott

From rancid at ale.cx Thu May 7 19:41:40 2015
From: rancid at ale.cx (Alex DEKKER)
Date: Thu, 07 May 2015 20:41:40 +0100
Subject: [rancid] blank log files on initial install
In-Reply-To:
References:
Message-ID: <554BBFF4.3020109@ale.cx>

On 07/05/15 17:36, Scott Granados wrote:
> This was the exact problem. I switched to using ; delimiters and it
> worked great.
>
> Thank you. Your help was very much appreciated.
>

The number of times this comes up in here, I bet heasley wishes he'd added a little check/warning to rancid to cover this :-)

alexd

From heas at shrubbery.net Thu May 7 19:45:59 2015
From: heas at shrubbery.net (heasley)
Date: Thu, 7 May 2015 19:45:59 +0000
Subject: [rancid] question about backup on PaloAlto firewalls
In-Reply-To:
References:
Message-ID: <20150507194559.GJ26745@shrubbery.net>

Thu, May 07, 2015 at 02:32:03PM -0400, Scott Granados:
> So the interesting thing is I have this working well under 2.3.6 but 3.2 seems quite different without a lot of documentation to show the differences so I hope someone can help.
>
> I am trying to backup a Paloalto Networks firewall and ending up with blank files and the following log output.
> starting: Thu May 7 14:08:48 EDT 2015
>
> /usr/local/rancid/bin/control_rancid: 363: /usr/local/rancid/bin/control_rancid: -t: not found
> svn: warning: 'paloalto-01-prod-na-02.abc.com' is already under version control
> Added paloalto-01-prod-na-02.abc.com
> svn: warning: 'paloalto-02-prod-na-02.abc.com' is already under version control
> Added paloalto-02-prod-na-02.abc.com
>
> Trying to get all of the configs.
> paloalto-02-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-02-prod-na-02.abc.com: End of run not found
> paloalto-01-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-01-prod-na-02.abc.com: End of run not found
> =====================================
> Getting missed routers: round 1.
> paloalto-01-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-01-prod-na-02.abc.com: End of run not found
> paloalto-02-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-02-prod-na-02.abc.com: End of run not found
> =====================================
>
> I tried uploading my pan rancid file with no luck, doesn't seem like it's called. I also see the rancid-fe file has changed and there's no more %vendortable to set. I set
> hostname;paloalto;up
> in the router.db and ensured that it matched the paloalto in rancid.types.conf which seems to be where the vendor data is stored.
>
> What have I missed, any ideas would be most helpful.
The panlogin process is successful when testing that way. see rancid.types.conf(5). its possible to add older style scripts w/o modification. but, the panos stuff was imported and should be in 3.2; where you'd manually run with rancid -t paloalto hostname From heas at shrubbery.net Thu May 7 20:45:02 2015 From: heas at shrubbery.net (heasley) Date: Thu, 7 May 2015 20:45:02 +0000 Subject: [rancid] blank log files on initial install In-Reply-To: <20150507203742.14CA89A439@sea.shrubbery.net> <554BBFF4.3020109@ale.cx> Message-ID: <20150507204502.GA36025@shrubbery.net> Thu, May 07, 2015 at 08:41:40PM +0100, Alex DEKKER: > On 07/05/15 17:36, Scott Granados wrote: > > This was the exact problem. I switched to using ; delimiters and it > > worked great. > > > > Thank you. Your help was very much appreciated. > > > The number of times this comes up in here, I bet heasley wishes he'd > added a little check/warning to rancid to cover this :-) > > alexd perhaps this Index: bin/control_rancid.in =================================================================== --- bin/control_rancid.in (revision 3088) +++ bin/control_rancid.in (working copy) @@ -278,6 +278,9 @@ exit 1; fi +# reading test + at PERLV@ -F\; -ane '{if ($F[0] !~ /^\s*#/ && $F[0] !~ /^\s*$/ && $#F < 2 && $F[0] =~ /:/) {print "WARNING: Have you forgotten to update the FS in router.db?\n"; exit;}}' router.db + # generate the list of all, up, & down routers cd $DIR trap 'rm -fr routers.db routers.all.new routers.down.new routers.up.new \ From bhart at unifiedbrands.net Thu May 7 18:40:31 2015 
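Review bot: the warning printed by the added perl one-liner does not say which router.db entry triggered it, and since the exit only ends perl, control_rancid carries on to the collection step with that single line on stdout as the only trace. Including $. and the offending line in the message, and writing it to stderr, would point the operator straight at the entry. The test "$#F < 2 && $F[0] =~ /:/" also fires on a two-field line whose name is an IPv6 address, so the wording could mention a missing field as well as the old separator. The file is named as a bare router.db while the next context line is "cd $DIR", so it is worth confirming that the working directory at this point is the group directory, and the "# reading test" comment could say what is being tested.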
From: bhart at unifiedbrands.net (Hart, Benjamin)
Date: Thu, 7 May 2015 18:40:31 +0000
Subject: [rancid] No mail flow
Message-ID:

Fresh install, Rancid is pulling configs now. I've got the main.cf settings for the relayhost, and postfix is running. However I get no mail after rancid-run is processed. Postfix does work when telnet mailing.. since there's no postfix or mail related entries in the rancid logs where can I look for this?

Thanks
Ben

From bhart at unifiedbrands.net Thu May 7 17:38:54 2015
From: bhart at unifiedbrands.net (Hart, Benjamin)
Date: Thu, 7 May 2015 17:38:54 +0000
Subject: [rancid] blank config files
In-Reply-To: <347F1F38-6395-4CE1-BC08-7A3A76306749@gmail.com>
References: <347F1F38-6395-4CE1-BC08-7A3A76306749@gmail.com>
Message-ID:

Awesome.. did the trick. Thanks Scott.

From: Scott Granados [mailto:scott.granados at gmail.com]
Sent: Thursday, May 7, 2015 1:11 PM
To: Hart, Benjamin
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] blank config files

This is the exact problem I had and Kenneth set me straight. In your routers.db file make sure you use a ; instead of a : so for example

bobsrouter.bobu.edu;juniper;up

The normal method previously was to use a : but that no longer does the trick. You'll have the exact symptoms that you're expressing.

Thanks
Scott

On May 7, 2015, at 10:11 AM, Hart, Benjamin wrote:

So I followed the setup here: http://ciscoskills.net/2015/01/03/install-rancid-and-viewvc-on-centos-7/
I get no errors, the log files are empty after each rancid-run. However clogin x.x.x.x connected, enables and gives me an ssh prompt, responded to commands like sh run. This is indeed on CentOS 7, rancid 3.2.
Thanks

From alq16 at 163.com Sun May 10 02:19:54 2015
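The router.db separator problem that Kenneth and Scott describe in the messages above (":" before 3.1, ";" from 3.1 on), written out as a pre-flight check. This is an added example, not part of any list message and not RANCID code; the function names lint_router_db and write_sample_router_db are hypothetical, and the sample entries are constructed (two hostnames reused from the thread, one made-up hostname and a documentation-range IPv6 address).

```shell
#!/bin/sh
# Added example, not RANCID code: flag router.db entries that RANCID 3.1+
# will not read as name;type;state, before rancid-run silently collects nothing.

# lint_router_db FILE
# Prints one "FILE:LINE: message" per suspect entry; returns 1 if any were found.
lint_router_db() {
    awk -F';' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        NF >= 3 { next }                    # name;type;state[;comment]; colons inside
                                            # an IPv6 name are fine with ";" as separator
        NF == 1 && $0 ~ /:/ {               # no ";" at all but colons: pre-3.1 layout
            n = split($0, part, ":")
            fixed = part[1]
            for (i = 2; i <= n; i++) fixed = fixed ";" part[i]
            printf "%s:%d: legacy \":\" separator, try: %s\n", FILENAME, FNR, fixed
            bad++
            next
        }
        {                                   # has a ";" but not enough fields
            printf "%s:%d: expected name;type;state, found %d field(s)\n", FILENAME, FNR, NF
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# write_sample_router_db FILE
# Writes a constructed router.db mixing valid, legacy and truncated entries.
write_sample_router_db() {
    cat > "$1" <<'EOF'
# constructed sample router.db
slc-core02;cisco;up
2001:db8::10;juniper;up
bobsrouter.bobu.edu:juniper:up
SITE-sw16:cisco:down
edge01.example.net;cisco
EOF
}

# Demo: lint the constructed sample and report the verdict.
sample=$(mktemp) && write_sample_router_db "$sample"
if lint_router_db "$sample"; then
    echo "router.db is in the 3.1+ format"
else
    echo "fix the entries listed above before the next rancid-run"
fi
rm -f "$sample"
```

Run against each group's router.db after an upgrade from 2.x; the suggested replacement line is only offered for entries that contain no ";" at all, so an IPv6 name is never rewritten.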
From: alq16 at 163.com (alq16)
Date: Sun, 10 May 2015 10:19:54 +0800
Subject: [rancid] Rancid-discuss Digest, Vol 55, Issue 6
In-Reply-To:
References:
Message-ID: <2baadeb7.739.14d3b9f6fd1.Coremail.alq16@163.com>

Hi All,

I found the same problem. Previously I used ";" instead of ":" on router.db,and some config files were recovered. But still,some configs could not be found ,either. And,these are "Dell" & "F5" devices. Please help.

Thanks,
Kevin

2015-05-10 alq16

From alq16 at 163.com Sun May 10 02:29:49 2015
From: alq16 at 163.com (alq16)
Date: Sun, 10 May 2015 10:29:49 +0800
Subject: [rancid] Rancid-discuss Digest, Vol 55, Issue 6
In-Reply-To: <554EC04A.4090005@163.com>
References: <554EC04A.4090005@163.com>
Message-ID: <193ccc44.7d4.14d3ba881e0.Coremail.alq16@163.com>

By the way,shall I need to do some patching on the Rancid server?

Thanks,
Kevin

2015-05-10 alq16

From alq16 at 163.com Mon May 11 14:28:43 2015
From: alq16 at 163.com (alq16) Date: Mon, 11 May 2015 22:28:43 +0800 Subject: [rancid] Rancid-discuss Digest, Vol 55, Issue 7--Centos 6.4, RUNCID 3.2, Config file not avaiilable for "Dell & F5" devices In-Reply-To: References: Message-ID: <2ee6eb0e.623f.14d43634d61.Coremail.alq16@163.com> As captioned,cloginrc running is ok,but no result for rancid-run. Not sure if something from cvs is blocking the access of the config files,unexpected,for the devices. 2015-05-11 alq16 ????rancid-discuss-request at shrubbery.net ?????2015-05-11 04:00 ???Rancid-discuss Digest, Vol 55, Issue 7 ????"rancid-discuss" ??? Send Rancid-discuss mailing list submissions to rancid-discuss at shrubbery.net To subscribe or unsubscribe via the World Wide Web, visit http://www.shrubbery.net/mailman/listinfo/rancid-discuss or, via email, send a message with subject or body 'help' to rancid-discuss-request at shrubbery.net You can reach the person managing the list at rancid-discuss-owner at shrubbery.net When replying, please edit your Subject line so it is more specific than "Re: Contents of Rancid-discuss digest..." Today's Topics: 1. Re: Rancid-discuss Digest, Vol 55, Issue 6 (alq16) 2. Re: Rancid-discuss Digest, Vol 55, Issue 6 (alq16) ---------------------------------------------------------------------- Message: 1 Date: Sun, 10 May 2015 10:19:54 +0800 
From: "alq16" To: "rancid-discuss" Subject: Re: [rancid] Rancid-discuss Digest, Vol 55, Issue 6 Message-ID: <2baadeb7.739.14d3b9f6fd1.Coremail.alq16 at 163.com> Content-Type: text/plain; charset="utf-8" Hi All, I found the same problem. Previously I used ";" instead of ":" on router.db,and some config files were recovered. But still,some configs could not be found ,either. And,these are "Dell" & "F5" devices. Please help. Thanks, Kevin 2015-05-10 alq16 ????rancid-discuss-request at shrubbery.net ?????2015-05-09 04:00 ???Rancid-discuss Digest, Vol 55, Issue 6 ????"rancid-discuss" ??? Send Rancid-discuss mailing list submissions to rancid-discuss at shrubbery.net To subscribe or unsubscribe via the World Wide Web, visit http://www.shrubbery.net/mailman/listinfo/rancid-discuss or, via email, send a message with subject or body 'help' to rancid-discuss-request at shrubbery.net You can reach the person managing the list at rancid-discuss-owner at shrubbery.net When replying, please edit your Subject line so it is more specific than "Re: Contents of Rancid-discuss digest..." Today's Topics: 1. Re: blank log files on initial install (heasley) 2. No mail flow (Hart, Benjamin) 3. Re: blank config files (Hart, Benjamin) ---------------------------------------------------------------------- Message: 1 Date: Thu, 7 May 2015 20:45:02 +0000 
From: heasley To: Alex DEKKER Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] blank log files on initial install Message-ID: <20150507204502.GA36025 at shrubbery.net> Content-Type: text/plain; charset=us-ascii Thu, May 07, 2015 at 08:41:40PM +0100, Alex DEKKER: > On 07/05/15 17:36, Scott Granados wrote: > > This was the exact problem. I switched to using ; delimiters and it > > worked great. > > > > Thank you. Your help was very much appreciated. > > > The number of times this comes up in here, I bet heasley wishes he'd > added a little check/warning to rancid to cover this :-) > > alexd perhaps this Index: bin/control_rancid.in =================================================================== --- bin/control_rancid.in (revision 3088) +++ bin/control_rancid.in (working copy) @@ -278,6 +278,9 @@ exit 1; fi +# reading test + at PERLV@ -F\; -ane '{if ($F[0] !~ /^\s*#/ && $F[0] !~ /^\s*$/ && $#F < 2 && $F[0] =~ /:/) {print "WARNING: Have you forgotten to update the FS in router.db?\n"; exit;}}' router.db + # generate the list of all, up, & down routers cd $DIR trap 'rm -fr routers.db routers.all.new routers.down.new routers.up.new \ ------------------------------ Message: 2 Date: Thu, 7 May 2015 18:40:31 +0000 From: "Hart, Benjamin" To: "rancid-discuss at shrubbery.net" Subject: [rancid] No mail flow Message-ID: Content-Type: text/plain; charset="us-ascii" Fresh install, Rancid is pulling configs now. I've got the main.cf settings for the relayhost, and postfix is running. However I get no mail after rancid-run is processed. Postfix does work when telnet mailing.. since there's no postfix or mail related entries in the rancid logs where can I look for this? Thanks Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 3 Date: Thu, 7 May 2015 17:38:54 +0000 
From: "Hart, Benjamin" To: Scott Granados Cc: "rancid-discuss at shrubbery.net" Subject: Re: [rancid] blank config files Message-ID: Content-Type: text/plain; charset="us-ascii" Awesome.. did the trick. Thanks Scott. From: Scott Granados [mailto:scott.granados at gmail.com] Sent: Thursday, May 7, 2015 1:11 PM To: Hart, Benjamin Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] blank config files This is the exact problem I had and Kenneth set me straight. in your routers.db file make sure you use a ; in stead of a : so for example bobsrouter.bobu.edu;juniper;up the normal method previously was to use a : but that no longer does the trick. You'llhave the exact symptoms that you're expressing. Thanks Scott On May 7, 2015, at 10:11 AM, Hart, Benjamin > wrote: So I followed the setup here: http://ciscoskills.net/2015/01/03/install-rancid-and-viewvc-on-centos-7/ I get no errors, the log files are empty after each rancid-run. However clogin x.x.x.x connected, enables and gives me an ssh prompt, responded to commands like sh run. This is indeed on CentOS 7, rancid 3.2. Thanks _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Subject: Digest Footer _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss ------------------------------ End of Rancid-discuss Digest, Vol 55, Issue 6 ********************************************* -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 2 Date: Sun, 10 May 2015 10:29:49 +0800 
From: "alq16" To: "rancid-discuss" Subject: Re: [rancid] Rancid-discuss Digest, Vol 55, Issue 6 Message-ID: <193ccc44.7d4.14d3ba881e0.Coremail.alq16 at 163.com> Content-Type: text/plain; charset="utf-8" By the way,shall I need to do some patching on the Rancid server? Thanks, Kevin 2015-05-10 alq16 ------------------------------ End of Rancid-discuss Digest, Vol 55, Issue 7 *********************************************
From jctail at yahoo.com Tue May 12 16:54:08 2015
From: jctail at yahoo.com (JC)
Date: Tue, 12 May 2015 16:54:08 +0000 (UTC)
Subject: [rancid] System Up Time & Dell
Message-ID: <1999635183.731999.1431449648964.JavaMail.yahoo@mail.yahoo.com>

Hi Everyone,

I know this has been talked about before but I'm still having the issue with Dell PowerConnects and Up Time triggering diffs. I checked the srancid file and it does have the correct syntax:

/ Up Time/i && next;

I'm a little confused as to what login file gets called out when rancid runs. Currently I have ukbswid09 set to SMC type and it is pulling the config.

$./rancid -d -t smc ukbswid09
loadtype: device type smc
loadtype: found device type smc in /usr/local/rancid/etc/rancid.types.base
executing hlogin -t 90 -c"" ukbswid09
inloop is not configured for device type smc at ./rancid line 126.
write(spawn_id=1): broken pipe
    while executing
"send_user "$router\n""
    ("foreach" body line 3)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"
    # device timeout
    set timeout [find t..."
    (file "/usr/local/rancid/bin/hlogin" line 632)

$ ./rancid -d -t dell ukbswid09
loadtype: device type dell
loadtype: found device type dell in /usr/local/rancid/etc/rancid.types.base
executing dllogin -t 300 -c"show switch;show config current_config" ukbswid09
HIT COMMAND:UKBSWID09-CH2-B2#show switch
In GetSystem: UKBSWID09-CH2-B2#show switch
HIT COMMAND:UKBSWID09-CH2-B2#show config current_config
In GetConf: UKBSWID09-CH2-B2#show config current_config
ukbswid09: End of run not found
ukbswid09: End of run not found
% Invalid input detected at '^' marker.

Understanding how login files get called will hopefully make me more self-sufficient and not need to post questions to the board.

Thanks,
-JC

From meklund at dealnews.com Tue May 12 20:51:55 2015
From: meklund at dealnews.com (Mike Eklund) Date: Tue, 12 May 2015 16:51:55 -0400 (EDT) Subject: [rancid] patch for local rancid.conf w/ git and ASA passwords using ikev2 In-Reply-To: <1927890193.19450576.1431463622334.JavaMail.zimbra@dealnews.com> Message-ID: <1926748553.19455844.1431463915343.JavaMail.zimbra@dealnews.com> I found a couple of issues with rancid 3.2. 1) when control_rancid checks for a group specific rancid.conf it does not properly set error codes when using git. 2) password filtering does not work on Cisco ASA firewalls using ikev2 here is a patch: diff -rupN rancid-3.2/bin/control_rancid.in rancid-3.2.new/bin/control_rancid.in --- rancid-3.2/bin/control_rancid.in 2015-03-16 15:02:52.000000000 -0400 +++ rancid-3.2.new/bin/control_rancid.in 2015-05-11 14:38:49.942514742 -0400 @@ -236,6 +236,7 @@ if [ -f rancid.conf ] ; then ;; git ) git status -s rancid.conf | grep '^?' + if [ $? -eq 0 ] ; then LN=1; else LN=0; fi ;; esac if [ $LN -eq 0 ] ; then diff -rupN rancid-3.2/lib/ios.pm.in rancid-3.2.new/lib/ios.pm.in --- rancid-3.2/lib/ios.pm.in 2015-03-16 15:02:52.000000000 -0400 +++ rancid-3.2.new/lib/ios.pm.in 2015-05-11 14:38:50.622544735 -0400 @@ -2125,6 +2125,16 @@ TOP: ProcessHistory("","","","!$1 $'"); next; } # ASA/PIX keys in more system:running-config + if (/^(( ikev2)? remote-authentication pre-shared-key ).*/ && + $filter_pwds >= 1) { + ProcessHistory("","","","!$1 $'"); next; + } + # ASA/PIX keys in more system:running-config + if (/^(( ikev2)? local-authentication pre-shared-key ).*/ && + $filter_pwds >= 1) { + ProcessHistory("","","","!$1 $'"); next; + } + # ASA/PIX keys in more system:running-config if (/(\s+ldap-login-password )\S+(.*)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $'"); next; } Regards, Mike Eklund | DealNews -------------- next part -------------- An HTML attachment was scrubbed... URL: From martymusto at gmail.com Tue May 12 16:00:00 2015 
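Review bot: in the control_rancid.in hunk of Mike Eklund's patch (@@ -236,6 +236,7), the added `if [ $? -eq 0 ]` is correct only while it stays on the line directly after `git status -s rancid.conf | grep '^?'`; any statement later inserted between the two silently changes what `$?` refers to. Suggest testing the pipeline itself, `if git status -s rancid.conf | grep -q '^?' ; then LN=1; else LN=0; fi`, which also stops grep from echoing the untracked-file line into the run output. A one-line comment on what LN=1 means for the `if [ $LN -eq 0 ]` test that follows would help the next reader.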
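Review bot: in the ios.pm.in hunk of Mike Eklund's patch (@@ -2125,6 +2125,16), the two added blocks differ only in `remote-authentication` versus `local-authentication`, and each repeats the existing comment `# ASA/PIX keys in more system:running-config` unchanged, so that comment now appears three times and none of the copies mentions ikev2 pre-shared keys. Suggest one block with `(?:remote|local)-authentication` in the pattern and a comment naming what is filtered. Both patterns also insist on exactly one space before `ikev2` and before the `-authentication` keyword; if the indentation in the device output can vary, `\s+` is the safer match, because a miss here leaves a pre-shared key in the stored config.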
From: martymusto at gmail.com (martyMusto)
Date: Tue, 12 May 2015 10:00:00 -0600
Subject: [rancid] RANCID panos.pm bug found
Message-ID:

Hello Shrubbery.net/rancid-discuss,

I was seeing ~/bin/rancid throw "missed cmd(s): all commands" whenever rancid-run was executed.

RANCID installed from the latest source 3.2

"~/lib/rancid/panos.pm" is defined on line 1 as "package ios;" when it should be defined as "package panos;"

As soon as I changed this, my backups started working. Not sure if anyone else is impacted by this but this was the fix on this end. I figured it was worth sending out to the list.

-Marty

From heas at shrubbery.net Wed May 13 12:51:58 2015
From: heas at shrubbery.net (heasley)
Date: Wed, 13 May 2015 12:51:58 +0000
Subject: [rancid] RANCID panos.pm bug found
In-Reply-To:
References:
Message-ID: <20150513125158.GB91439@shrubbery.net>

Tue, May 12, 2015 at 10:00:00AM -0600, martyMusto:
> Hello Shrubbery.net/rancid-discuss,
>
> I was seeing ~/bin/rancid throw "missed cmd(s): all commands" whenever
> rancid-run was executed.
>
> RANCID installed from the latest source 3.2
>
> "~/lib/rancid/panos.pm" is defined on line 1 as "package ios;" when it
> should be defined as "package panos;"

Thanks. created ftp://ftp.shrubbery.net/pub/rancidrancid.3.2.p5.gz

> As soon as I changed this, my backups started working.
> Not sure if anyone else is impacted by this but this was the fix on this
> end. I figured it was worth sending out to the list.
>
> -Marty

From gmourani at gmail.com Wed May 13 13:08:05 2015
From: gmourani at gmail.com (Gerhard Mourani)
Date: Wed, 13 May 2015 09:08:05 -0400
Subject: [rancid] Old lockfile still exists
Message-ID: <9754565A-2820-4C5A-B6AA-33B745A6B962@gmail.com>

Hello List,

Since a week ago I've started to receive this message every time the rancid script runs to get backups.

Old lockfile still exists:
-rw-r----- 1 rancid rancid 0 May 12 12:01 /tmp/.Fortinet.run.lock

The above happens only for Fortigate devices and not for the others (Cisco, Brocade, etc.), which work fine.

Even if I remove the /tmp/.Fortinet.run.lock file, the next time the script runs the problem happens again!

Does someone have an idea about how to fix it?

Gerhard,

From heas at shrubbery.net Wed May 13 13:17:16 2015
From: heas at shrubbery.net (heasley)
Date: Wed, 13 May 2015 13:17:16 +0000
Subject: [rancid] Old lockfile still exists
In-Reply-To: <9754565A-2820-4C5A-B6AA-33B745A6B962@gmail.com>
References: <9754565A-2820-4C5A-B6AA-33B745A6B962@gmail.com>
Message-ID: <20150513131716.GA94190@shrubbery.net>

Wed, May 13, 2015 at 09:08:05AM -0400, Gerhard Mourani:
> Hello List,
>
> Since a week ago I've started to receive this message every time the rancid script runs to get backups.
>
> Old lockfile still exists:
> -rw-r----- 1 rancid rancid 0 May 12 12:01 /tmp/.Fortinet.run.lock
>
> The above happens only for Fortigate devices and not for the others (Cisco, Brocade, etc.), which work fine.
>
> Even if I remove the /tmp/.Fortinet.run.lock file, the next time the script runs the problem happens again!
>
> Does someone have an idea about how to fix it?

it must be hanging on one or more of those devices. ktrace/strace the processes to see what they're doing.

From gmourani at gmail.com Wed May 13 14:27:04 2015
From: gmourani at gmail.com (Gerhard Mourani)
Date: Wed, 13 May 2015 10:27:04 -0400
Subject: [rancid] Old lockfile still exists
In-Reply-To: <20150513131716.GA94190@shrubbery.net>
References: <9754565A-2820-4C5A-B6AA-33B745A6B962@gmail.com> <20150513131716.GA94190@shrubbery.net>
Message-ID:

Seems to be ok. If I run each one manually with a command like

/usr/bin/rancid-run -r x.x.x.x

it works! But when I run them with

/usr/bin/rancid-run Fortinet

then the process never ends!

strace /usr/bin/rancid-run Fortinet never finishes.

Can see the following in the log:

cvs status: [13:41:26] waiting for rancid's lock in /var/lib/rancid/CVS/Fortinet/configs

> On May 13, 2015, at 9:17 AM, heasley wrote:
>
> Wed, May 13, 2015 at 09:08:05AM -0400, Gerhard Mourani:
>> Hello List,
>>
>> Since a week ago I've started to receive this message every time the rancid script runs to get backups.
>>
>> Old lockfile still exists:
>> -rw-r----- 1 rancid rancid 0 May 12 12:01 /tmp/.Fortinet.run.lock
>>
>> The above happens only for Fortigate devices and not for the others (Cisco, Brocade, etc.), which work fine.
>>
>> Even if I remove the /tmp/.Fortinet.run.lock file, the next time the script runs the problem happens again!
>>
>> Does someone have an idea about how to fix it?
>
> it must be hanging on one or more of those devices. ktrace/strace the
> processes to see what they're doing.

From martymusto at gmail.com Wed May 13 22:07:53 2015
From: martymusto at gmail.com (martyMusto)
Date: Wed, 13 May 2015 16:07:53 -0600
Subject: [rancid] xlogin possible unbalanced brace in comment
In-Reply-To:
References:
Message-ID:

Hello All,

I am receiving an error on both new(v3.2) and old(v2.3) unmodified RANCID nlogin and clogin.

"Error: missing close-brace: possible unbalanced brace in comment"

I am running expect 5.45 and Tcl 8.6.

I haven't had a chance to test but I believe I need expect 5.43 and Tcl 8.4 (per shrubbery FTP) to get these scripts running without error.

I didn't see anything of the forums or site about avoiding expect 5.45. The site only mentions you must use expect >=5.40 with latest RANCID 3.2.

Going to try the shrubbery patched expect+Tcl tomorrow.

Figured it would be worth it to post this.

From heas at shrubbery.net Thu May 14 12:55:25 2015
From: heas at shrubbery.net (heasley)
Date: Thu, 14 May 2015 12:55:25 +0000
Subject: [rancid] xlogin possible unbalanced brace in comment
In-Reply-To:
References:
Message-ID: <20150514125525.GE57225@shrubbery.net>

Wed, May 13, 2015 at 04:07:53PM -0600, martyMusto:
> Hello All,
>
> I am receiving an error on both new(v3.2) and old(v2.3) unmodified RANCID
> nlogin and clogin.

what is your prompt?

> "Error: missing close-brace: possible unbalanced brace in comment"
>
> I am running expect 5.45 and Tcl 8.6.
>
> I haven't had a chance to test but I believe I need expect 5.43 and Tcl 8.4
> (per shrubbery FTP) to get these scripts running without error.
>
> I didn't see anything of the forums or site about avoiding expect 5.45. The
> site only mentions you must use expect >=5.40 with latest RANCID 3.2.
>
> Going to try the shrubbery patched expect+Tcl tomorrow.
>
> Figured it would be worth it to post this.

From howie at thingy.com Fri May 15 16:38:38 2015
From: howie at thingy.com (Howard Jones)
Date: Fri, 15 May 2015 17:38:38 +0100
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
Message-ID: <5556210E.8040304@thingy.com>

After a lot of fiddling around, I found that my previous RANCID system, running on CentOS 5 was just not able to reliably deal with ExtremeXOS switches, apparently due to an expect issue. So I've just finished moving to a new (RANCID 3.2, CentOS 7) system. I'd forgotten how many little patches I'd added over the last couple of years, so that was a fun process! My Extreme switches are backing up correctly, though.

Anyway, now I find that I can't connect to a few Cisco ASRs with SSH from that new box (works fine with putty). They just drop connection with this slightly strange message in the logs:

May 15 16:57:30.399 BST: SSH2 1: Client DH key range mismatch with max built-in DH key on server!
May 15 16:57:30.399 BST: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.0.27 (tty = 1) using crypto cipher '', hmac '' Failed
May 15 16:57:30.399 BST: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.0.27 (tty = 1) for user '' using crypto cipher '', hmac '' closed

On the Rancid side, I actually copied all the SSH keys (host and rancid user) across from the old machine, to avoid any 'key changed' type issues. Running with ssh -v, the last messages are:

debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

This seems to be to do with a new lower key size restriction in newer openssh version - does anyone know a way around it? Ideally without regenerating the keys on the routers? In fact, I just tried regenerating a 2048-bit key on one of the affected routers, and it makes no difference anyway.

Thanks in advance,
Howard

From jctail at yahoo.com Sat May 16 02:26:32 2015
From: jctail at yahoo.com (JC)
Date: Sat, 16 May 2015 02:26:32 +0000 (UTC)
Subject: [rancid] System Up Time & Dell
Message-ID: <288497966.22283.1431743192310.JavaMail.yahoo@mail.yahoo.com>

I've gotten a little further in my hopes of getting these Dell powerconnect switches backed up w/o the up time creating diffs each run. I added the rancid.types.conf with what's below.

test;login;dlogin
test;module;drancid
test;inloop;ios::inloop
test;command;ShowVersion;show version

When I run the command below it generates the following errors.

[rancid at ALVMANL01 etc]$ /usr/local/rancid/bin/rancid -d -t test ukbswid05
loadtype: device type test
loadtype: found device type test in /usr/local/rancid/etc/rancid.types.conf
ukbswid05: missed cmd(s): show system,show vlan,show version,show running-config
found_end = 0, clean_run = 0
ukbswid05: End of run not found
!
write(spawn_id=1): broken pipe
    while executing
"send_user "$router\n""
    ("foreach" body line 3)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"
    # device timeout
    set timeout [find t..."
    (file "/usr/local/rancid/bin/dlogin" line 509)
ukbswid05: missed cmd(s): all commands
ukbswid05: End of run not found

Am I on the right path or even more screwed up than before?

Thanks for the look.
-John

From howie at thingy.com Sat May 16 10:08:08 2015
From: howie at thingy.com (Howard Jones)
Date: Sat, 16 May 2015 11:08:08 +0100
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
In-Reply-To: <5556210E.8040304@thingy.com>
References: <5556210E.8040304@thingy.com>
Message-ID: <55571708.9020808@thingy.com>

On 15/05/2015 17:38, Howard Jones wrote:
> This seems to be to do with a new lower key size restriction in newer
> openssh version - does anyone know a way around it? Ideally without
> regenerating the keys on the routers? In fact, I just tried
> regenerating a 2048-bit key on one of the affected routers, and it
> makes no difference anyway.

I "resolved" my issue for now by installing a copy of openssh 4.9 in /opt and using sshcmd for the affected devices - a selection of ASRs and ISRs, but not all.

I'd still be interested in what the real fix is though! Evidently those specific devices don't meet some minimum standard that the openssh folks enforce.

Cheers,
Howard

From martymusto at gmail.com Thu May 14 16:03:51 2015
From: martymusto at gmail.com (martyMusto)
Date: Thu, 14 May 2015 10:03:51 -0600
Subject: [rancid] xlogin possible unbalanced brace in comment
In-Reply-To:
References:
Message-ID:

Just wanted to update the list before my mind melts from getting this working...

If the password of your device in cloginrc contains curly braces, the curly brace password escaping mechanism will break causing clogin and or nlogin to fail with the aforementioned expect error.

-Marty

On May 13, 2015 4:07 PM, "martyMusto" wrote:
> Hello All,
>
> I am receiving an error on both new(v3.2) and old(v2.3) unmodified RANCID
> nlogin and clogin.
>
> "Error: missing close-brace: possible unbalanced brace in comment"
>
> I am running expect 5.45 and Tcl 8.6.
>
> I haven't had a chance to test but I believe I need expect 5.43 and Tcl
> 8.4 (per shrubbery FTP) to get these scripts running without error.
>
> I didn't see anything of the forums or site about avoiding expect 5.45.
> The site only mentions you must use expect >=5.40 with latest RANCID 3.2.
>
> Going to try the shrubbery patched expect+Tcl tomorrow.
>
> Figured it would be worth it to post this.

From rancid at ale.cx Sat May 16 21:31:05 2015
From: rancid at ale.cx (Alex DEKKER)
Date: Sat, 16 May 2015 22:31:05 +0100
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
In-Reply-To: <55571708.9020808@thingy.com>
References: <5556210E.8040304@thingy.com> <55571708.9020808@thingy.com>
Message-ID: <5557B719.7090207@ale.cx>

On 16/05/15 11:08, Howard Jones wrote:
> Evidently those specific devices don't meet some minimum standard
> that the openssh folks enforce.

There is an option you can pass to SSH ['-o KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to older versions of IOS. The error emitted by SSH isn't much help at all.

alexd

From randy at psg.com Sat May 16 21:57:41 2015
From: randy at psg.com (Randy Bush)
Date: Sat, 16 May 2015 11:57:41 -1000
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
In-Reply-To: <5557B719.7090207@ale.cx>
References: <5556210E.8040304@thingy.com> <55571708.9020808@thingy.com> <5557B719.7090207@ale.cx>
Message-ID:

> There is an option you can pass to SSH ['-o
> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to
> older versions of IOS. The error emitted by SSH isn't much help at all.

for really older images, e.g. those on a 2511, try

ssh -1

randy

From heas at shrubbery.net Sun May 17 02:58:17 2015
From: heas at shrubbery.net (John Heasley)
Date: Sat, 16 May 2015 22:58:17 -0400
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
In-Reply-To:
References: <5556210E.8040304@thingy.com> <55571708.9020808@thingy.com> <5557B719.7090207@ale.cx>
Message-ID: <03D399B5-2D34-4DAF-BF56-39B9E03CD079@shrubbery.net>

On 16.05.2015 at 17:57, Randy Bush wrote:
>> There is an option you can pass to SSH ['-o
>> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to
>> older versions of IOS. The error emitted by SSH isn't much help at all.
>
> for really older images, e.g. those on a 2511, try
>
> ssh -1

Just on my mobile, so can't double check ATM, but there is a 'sshcmd' in cloginrc(5). I believe it can be made to pass other options, eg {ssh\ -o\ ....}. One can also use Host directives in ~/.ssh/config for many if not all ssh client options.

Write again if these options don't work.

From alq16 at 163.com Sun May 17 07:26:50 2015
From: alq16 at 163.com (alq16)
Date: Sun, 17 May 2015 15:26:50 +0800
Subject: [rancid] Rancid-discuss Digest, Vol 55, Issue 13
In-Reply-To:
References:
Message-ID: <7239d169.11a0.14d60c4bb07.Coremail.alq16@163.com>

Hi All,

I have some questions with today's topic 1. System Up Time & Dell (JC)

For Dell devices & F5, cloginrc is ok but failed to get the config. Shall I edit the file rancid.types.conf?

And also, where can I find the website for all past topics, especially for Huawei switches?

Also Rancid log is missing in my system (although previously existing), is it forwarded to somewhere else?

>> version: rancid-3.1-2.el6.x86_64

[rancid at network-backup BJ]$ cat /etc/redhat-release
CentOS release 6.6 (Final)

The rancid-run script running as below, but all Rancid system variables are blanks (previously ok):

> sh -x path-to/rancid-run
> + for GROUP in '$LIST_OF_GROUPS'
> + LOCKFILE=/tmp/.ES19F.run.lock
> ++ date +%Y%m%d.%H%M%S
> + for GROUP in '$LIST_OF_GROUPS'
> + LOCKFILE=/tmp/.ES21F.run.lock
> ++ date +%Y%m%d.%H%M%S
> + for GROUP in '$LIST_OF_GROUPS'
> + LOCKFILE=/tmp/.MI31F.run.lock
> ++ date +%Y%m%d.%H%M%S
> + for GROUP in '$LIST_OF_GROUPS'
> + LOCKFILE=/tmp/.MI32F.run.lock
> ++ date +%Y%m%d.%H%M%S
> + for GROUP in '$LIST_OF_GROUPS'
> + LOCKFILE=/tmp/.HKDR-site.run.lock
> ++ date +%Y%m%d.%H%M%S
> + for GROUP in '$LIST_OF_GROUPS'
> + LOCKFILE=/tmp/.Remote-site.run.lock
> ++ date +%Y%m%d.%H%M%S

2015-05-17 alq16

From: rancid-discuss-request at shrubbery.net
Sent: 2015-05-17 04:00
Subject: Rancid-discuss Digest, Vol 55, Issue 13
To: "rancid-discuss"
Cc:
From howie at thingy.com Sun May 17 10:05:38 2015
From: howie at thingy.com (Howard Jones)
Date: Sun, 17 May 2015 11:05:38 +0100
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
In-Reply-To: <5557B719.7090207@ale.cx>
References: <5556210E.8040304@thingy.com> <55571708.9020808@thingy.com> <5557B719.7090207@ale.cx>
Message-ID: <555867F2.7050608@thingy.com>

On 16/05/2015 22:31, Alex DEKKER wrote:
> On 16/05/15 11:08, Howard Jones wrote:
>> Evidently those specific devices don't meet some minimum standard
>> that the openssh folks enforce.
>>
> There is an option you can pass to SSH ['-o
> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to
> older versions of IOS. The error emitted by SSH isn't much help at all.
>

Aha! That's the one. Thanks, Alex.

So for the archive, the complete fix is to create a shell script (local/ssh-old-kex for me):

#!/bin/sh
# Pass every argument through to ssh unchanged, each as its own word.
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 "$@"

Then for the affected devices, add this in .cloginrc:

add sshcmd oldrouter /opt/rancid/local/ssh-old-kex

From nick at foobar.org Sun May 17 12:58:56 2015
From: nick at foobar.org (Nick Hilliard)
Date: Sun, 17 May 2015 13:58:56 +0100
Subject: [rancid] As one door closes, another opens... ssh failing with (some) Cisco devices after OS upgrade?
In-Reply-To: <5557B719.7090207@ale.cx>
References: <5556210E.8040304@thingy.com> <55571708.9020808@thingy.com> <5557B719.7090207@ale.cx>
Message-ID: <55589090.4090704@foobar.org>

On 16/05/2015 22:31, Alex DEKKER wrote:
> On 16/05/15 11:08, Howard Jones wrote:
>> Evidently those specific devices don't meet some minimum standard that
>> the openssh folks enforce.
>>
> There is an option you can pass to SSH ['-o
> KexAlgorithms=diffie-hellman-group14-sha1'] to allow it to connect to older
> versions of IOS. The error emitted by SSH isn't much help at all.

or on ios config:

ip ssh dh min size 4096

This doesn't work on all IOS images but if it works, it's a useful workaround where upgrading is a problem.

Nick

From electro93 at gmail.com Thu May 21 03:49:44 2015
From: electro93 at gmail.com (electro)
Date: Wed, 20 May 2015 22:49:44 -0500
Subject: [rancid] Cisco SG-500 configs?
In-Reply-To: <20140605142748.GA11298@gxis.de>
References: <20140604084403.GA15836@gxis.de> <5390696A.9030606@ale.cx> <20140605142748.GA11298@gxis.de>
Message-ID:

All,

Thanks for the patches. I was able to get this configured into the 2.x version without much difficulty. Has anyone been able to make the modifications required for 3.2? I have a client with multiple SG500s and would love to have the ability to drop in rancid at their location. Please let me know if anyone has been able to incorporate this into the latest version. Much appreciated.

Thanks,
Jeff

On Thu, Jun 5, 2014 at 9:27 AM, Alexander Bochmann wrote:
> Hi,
>
> ...on Thu, Jun 05, 2014 at 01:58:18PM +0100, Alex DEKKER wrote:
>
> > >does anyone have rancid 2.3.x patches for Cisco SG-500 switches with current
> > >software? I've found several pieces of code that claim to support the SG series,
> > Have you tried this?:
> > https://github.com/chrpinedo/rancid-cisco-sb
>
> Yes, and several variants of that one.
>
> > Ahhh hang on, when you say current software, are you talking about
> > newer switch firmwares?
>
> Exactly. For example, csbrancid wants to use an "lcli" command upon logging
> in that the current SG switches don't know about anymore - they expect an
> "enable"...
>
> > sg5>enable
> > Password:************
> > sg5#sh ver
> >
> > Unit                SW version          Boot version        HW version
> > ------------------- ------------------- ------------------- -------------------
> > 1                   1.3.7.18            1.3.7.01            V02
> >
> > sg5#sh system
> >
> > Unit Type
> > ---- ----------------------
> > 1    SG500-28
> >[..]
>
> Alex.
>
From charlesg at unixrealm.com Thu May 21 13:42:44 2015
From: charlesg at unixrealm.com (Charles Gagnon)
Date: Thu, 21 May 2015 09:42:44 -0400
Subject: [rancid] Rancid with Brocade 6510
Message-ID:

Is anyone using rancid on Brocades 6510 running FOS v 7.2.1b? We just added 4 of those to our network and can't seem to get it working.

I had to make a short mod to flogin to get it working. I changed:

set avenable 0

So that you could flogin without adding the "--noenable" since these switches don't have an enable and the prompts ends with ">".

So flogin works but even if I add them to my router.db as "brocade-fc1;foundry;up", I still fail to retrieve anything from it. Logs:

brocade-fc1 flogin error: Error: TIMEOUT reached
brocade-fc1: missed cmd(s): show chassis,show module,show flash,show running-config,write term
brocade-fc1: End of run not found

Those commands don't seem to match what would work on this OS, yet I keep seeing people online using Foundry for Brocades.

This is all on Rancid 3.0 (I had perl issues with sockets when going to 3.2 - though if it's the solution, I will work on upgrading perl).

--
Charles Gagnon
charlesg at unixrealm.com

From ajo at sypartners.com Thu May 21 18:11:33 2015
From: ajo at sypartners.com (Alfredo Jo)
Date: Thu, 21 May 2015 14:11:33 -0400
Subject: [rancid] add password not working...
Message-ID:

Hello,

I have a Cisco switch in which the user password and enable password are the same. I don't know if this matters but my password starts with a . (period), i.e: .Pass6cisco

I tried adding it to the .cloginrc but it doesn't work. I get a connection closed error. My syntax is:

#9th Floor switch
add method IPaddressofSwitch {ssh}
add user IPaddressofSwitch {netadmin}
add password IPaddressofSwitch {.Pass6cisco} {.Pass6cisco}

Here is the syntax that lets me log in to the switch, but then I get a check enable password error:

#9th Floor switch
add method IPaddressofSwitch {ssh}
add user IPaddressofSwitch {netadmin}
add userpassword IPaddressofSwitch {.Pass6cisco}

Any help is appreciated.

Thank you!

From heas at shrubbery.net Fri May 22 15:51:44 2015
From: heas at shrubbery.net (heasley)
Date: Fri, 22 May 2015 15:51:44 +0000
Subject: [rancid] Rancid with Brocade 6510
In-Reply-To:
References:
Message-ID: <20150522155144.GC64919@shrubbery.net>

Thu, May 21, 2015 at 09:42:44AM -0400, Charles Gagnon:
> I had to make a short mod to flogin to get it working. I changed:
>
> set avenable 0
>
> So that you could flogin without adding the "--noenable" since these
> switches don't have an enable and the prompts ends with ">".

there is a noenable cloginrc directive.

> This is all on Rancid 3.0 (I had perl issues with sockets when going to 3.2
> - though if it's the solution, I will work on upgrading perl).

you do not need to upgrade perl; just install a new version of Sockets.pm from cpan.org. but, 3.2 does not have anything that will fix your brocade problem.

From ajo at sypartners.com Fri May 22 16:22:26 2015
From: ajo at sypartners.com (Alfredo Jo)
Date: Fri, 22 May 2015 12:22:26 -0400
Subject: [rancid] Rancid with Brocade 6510
In-Reply-To: <20150522155144.GC64919@shrubbery.net>
References: <20150522155144.GC64919@shrubbery.net>
Message-ID:

Thank you all, I actually figured it out.

On Fri, May 22, 2015 at 11:51 AM, heasley wrote:
> Thu, May 21, 2015 at 09:42:44AM -0400, Charles Gagnon:
> > I had to make a short mod to flogin to get it working. I changed:
> >
> > set avenable 0
> >
> > So that you could flogin without adding the "--noenable" since these
> > switches don't have an enable and the prompts ends with ">".
>
> there is a noenable cloginrc directive.
>
> > This is all on Rancid 3.0 (I had perl issues with sockets when going to 3.2
> > - though if it's the solution, I will work on upgrading perl).
>
> you do not need to upgrade perl; just install a new version of Sockets.pm
> from cpan.org. but, 3.2 does not have anything that will fix your brocade
> problem.
>

From charlesg at unixrealm.com Sat May 23 11:53:39 2015
From: charlesg at unixrealm.com (Charles Gagnon)
Date: Sat, 23 May 2015 07:53:39 -0400
Subject: [rancid] Rancid with Brocade 6510
In-Reply-To: <20150522155144.GC64919@shrubbery.net>
References: <20150522155144.GC64919@shrubbery.net>
Message-ID:

So the Brocade problem is something I cannot work around? I guess someone would need to write something to handle the devices?

Is that right?

On Fri, May 22, 2015 at 11:51 AM, heasley wrote:
> Thu, May 21, 2015 at 09:42:44AM -0400, Charles Gagnon:
> > I had to make a short mod to flogin to get it working. I changed:
> >
> > set avenable 0
> >
> > So that you could flogin without adding the "--noenable" since these
> > switches don't have an enable and the prompts ends with ">".
>
> there is a noenable cloginrc directive.
>
> > This is all on Rancid 3.0 (I had perl issues with sockets when going to 3.2
> > - though if it's the solution, I will work on upgrading perl).
>
> you do not need to upgrade perl; just install a new version of Sockets.pm
> from cpan.org. but, 3.2 does not have anything that will fix your brocade
> problem.
>

--
Charles Gagnon
charlesg at unixrealm.com

From heas at shrubbery.net Tue May 26 16:26:25 2015
From: heas at shrubbery.net (heasley)
Date: Tue, 26 May 2015 16:26:25 +0000
Subject: [rancid] Rancid with Brocade 6510
In-Reply-To:
References: <20150522155144.GC64919@shrubbery.net>
Message-ID: <20150526162625.GA54175@shrubbery.net>

Sat, May 23, 2015 at 07:53:39AM -0400, Charles Gagnon:
> So the Brocade problem is something I cannot work around? I guess someone
> would need to write something to handle the devices?
>
> Is that right?

I mean that nothing has changed that would have affected Brocade.

From ajo at sypartners.com Tue May 26 18:08:39 2015
From: ajo at sypartners.com (Alfredo Jo)
Date: Tue, 26 May 2015 14:08:39 -0400
Subject: [rancid] cvs remove: nothing known about `.cvsignore' error
Message-ID:

Hello,

I am trying to configure rancid and I think I got most of it done, but when I run my initial bin/rancid-run this is what the logs tell me:

starting: Tue May 26 13:43:57 EDT 2015

cvs remove: nothing known about `.cvsignore'
cvs commit: nothing known about `.cvsignore'
cvs [commit aborted]: correct above errors first!
Deleted .cvsignore
Checking in router.db;
/usr/local/rancid/var/CVS/networking/router.db,v <-- router.db
new revision: 1.2; previous revision: 1.1
done

ending: Tue May 26 13:44:59 EDT 2015
var/logs/networking.20150526.134357 (END)

I am not really sure what that means. I also don't see anything other than the CVS under var/networking/configs/

Any help is appreciated.

From alan.mckinnon at gmail.com Tue May 26 20:17:28 2015
From: alan.mckinnon at gmail.com (Alan McKinnon)
Date: Tue, 26 May 2015 22:17:28 +0200
Subject: [rancid] cvs remove: nothing known about `.cvsignore' error
In-Reply-To:
References:
Message-ID: <5564D4D8.7090205@gmail.com>

On 26/05/2015 20:08, Alfredo Jo wrote:
> Hello,
>
> I am trying to configure rancid and I think I got most of it done, but
> when I run my initial bin/rancid-run
>
> this is what the logs tell me:
>
> starting: Tue May 26 13:43:57 EDT 2015
>
> cvs remove: nothing known about `.cvsignore'
> cvs commit: nothing known about `.cvsignore'
> cvs [commit aborted]: correct above errors first!
> Deleted .cvsignore
> Checking in router.db;
> /usr/local/rancid/var/CVS/networking/router.db,v <-- router.db
> new revision: 1.2; previous revision: 1.1
> done
>
> ending: Tue May 26 13:44:59 EDT 2015
> var/logs/networking.20150526.134357 (END)
>
> I am not really sure what that means. I also don't see anything other
> than the CVS under var/networking/configs/
>
> Any help is appreciated.

In my experience, CVS errors with rancid always got fixed by running rancid-cvs at the correct point. Make sure your LIST_OF_GROUPS and other variables are correct, then run the script. It's covered quite fully in the various text files shipped with the source tarball.

--
Alan McKinnon
alan.mckinnon at gmail.com

From ajo at sypartners.com Tue May 26 20:31:45 2015
From: ajo at sypartners.com (Alfredo Jo)
Date: Tue, 26 May 2015 16:31:45 -0400
Subject: [rancid] cvs remove: nothing known about `.cvsignore' error
In-Reply-To: <5564D4D8.7090205@gmail.com>
References: <5564D4D8.7090205@gmail.com>
Message-ID:

Thank you, I just checked and everything seems to be in working order. The logs aren't showing any errors anymore; now they are blank. And I still don't see anything under /usr/local/rancid/var/networking/configs

On Tue, May 26, 2015 at 4:17 PM, Alan McKinnon wrote:
> On 26/05/2015 20:08, Alfredo Jo wrote:
> > Hello,
> >
> > I am trying to configure rancid and I think I got most of it done, but
> > when I run my initial bin/rancid-run
> >
> > this is what the logs tell me:
> >
> > starting: Tue May 26 13:43:57 EDT 2015
> >
> > cvs remove: nothing known about `.cvsignore'
> > cvs commit: nothing known about `.cvsignore'
> > cvs [commit aborted]: correct above errors first!
> > Deleted .cvsignore
> > Checking in router.db;
> > /usr/local/rancid/var/CVS/networking/router.db,v <-- router.db
> > new revision: 1.2; previous revision: 1.1
> > done
> >
> > ending: Tue May 26 13:44:59 EDT 2015
> > var/logs/networking.20150526.134357 (END)
> >
> > I am not really sure what that means. I also don't see anything other
> > than the CVS under var/networking/configs/
> >
> > Any help is appreciated.
>
> In my experience, CVS errors with rancid always got fixed by running
> rancid-cvs at the correct point. Make sure your LIST_OF_GROUPS and other
> variables are correct, then run the script. It's covered quite fully in
> the various text files shipped with the source tarball.
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>
From cncallison at hotmail.com Tue May 26 22:55:38 2015
From: cncallison at hotmail.com (Christopher N Callison)
Date: Tue, 26 May 2015 15:55:38 -0700
Subject: [rancid] Cisco ASA script errors
Message-ID:

RANCID version 2.3.8 running on Centos6.6

Normal collection jobs are working fine and I don't see any exceptions in the logs. However, when I try to run a script that makes changes on the firewall, I am seeing some errors in the log file.

Created new directory for scripts: /usr/local/rancid/scripts/migration

Contents of script file:

#!/bin/bash
# $1 is the base name shared by the command file and the log file.
/usr/local/rancid/bin/clogin -x "$1.txt" swsg-extfw01 >> "$1.log"

Contents of show-run-object-test1.commands:

show run object id

script command:

sh test.sh show-run-object-test1

Output in log file show-run-object-test1.log:

swsg-extfw01
spawn ssh -c aes128-cbc -x -l rancid swsg-extfw01
rancid at swsg-extfw01's password:
Type help or '?' for a list of available commands.
swsg-extfw01> enable
Password: ****************
swsg-extfw01#
swsg-extfw01# terminal length 0
^
ERROR: % Invalid input detected at '^' marker.
swsg-extfw01# terminal width 132
^
ERROR: % Invalid input detected at '^' marker.
swsg-extfw01# show run object id
object network host
swsg-extfw01#
swsg-extfw01#exit

Logoff

Connection to swsg-extfw01 closed by remote host.
Connection to swsg-extfw01 closed.

From ajo at sypartners.com Wed May 27 15:13:02 2015
From: ajo at sypartners.com (Alfredo Jo)
Date: Wed, 27 May 2015 11:13:02 -0400
Subject: [rancid] enable password with \
Message-ID:

Hello,

My enable password has a \ in it, therefore rancid doesn't seem to like it when I do like the example below:

add password {pass\word!} {pass\word!}

Any way I can get around it?

Thank you

From heas at shrubbery.net Wed May 27 15:23:21 2015
From: heas at shrubbery.net (heasley)
Date: Wed, 27 May 2015 15:23:21 +0000
Subject: [rancid] enable password with \
In-Reply-To:
References:
Message-ID: <20150527152321.GD16549@shrubbery.net>

Wed, May 27, 2015 at 11:13:02AM -0400, Alfredo Jo:
> Hello,
>
> My enable password has a \ in it, therefore rancid doesn't seem to like it
> when I do like the example below:
>
> add password {pass\word!} {pass\word!}
>
> Any way I can get around it?

add password {pass\\word!} {pass\\word!}

From ajo at sypartners.com Wed May 27 15:48:51 2015
From: ajo at sypartners.com (Alfredo Jo)
Date: Wed, 27 May 2015 11:48:51 -0400
Subject: [rancid] enable password with \
In-Reply-To: <20150527152321.GD16549@shrubbery.net>
References: <20150527152321.GD16549@shrubbery.net>
Message-ID:

Thank you! All good now.

On Wed, May 27, 2015 at 11:23 AM, heasley wrote:
> Wed, May 27, 2015 at 11:13:02AM -0400, Alfredo Jo:
> > Hello,
> >
> > My enable password has a \ in it, therefore rancid doesn't seem to like it
> > when I do like the example below:
> >
> > add password {pass\word!} {pass\word!}
> >
> > Any way I can get around it?
>
> add password {pass\\word!} {pass\\word!}
>
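
A check for the two .cloginrc quoting problems reported in this archive (a single backslash inside a braced password, and curly braces inside a password), as an added example that is not part of any message above or of RANCID itself. The function names and the sample file are constructed for illustration; findings name the line and directive only, never the password.

```python
# Directives on this page whose values are secrets.
SECRET_DIRECTIVES = {"password", "userpassword"}

def split_words(line):
    """Split a line into words, treating a {...} group as one word; returns (words, balanced)."""
    words, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] == "{":
            depth, j = 1, i + 1
            while j < n and depth:
                if line[j] == "\\" and j + 1 < n:
                    j += 2          # an escaped character never opens or closes a group
                    continue
                depth += {"{": 1, "}": -1}.get(line[j], 0)
                j += 1
            if depth:               # ran off the end of the line inside a group
                return words, False
            words.append(line[i + 1:j - 1])
            i = j
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            words.append(line[i:j])
            i = j
    return words, True

def lint_cloginrc(text):
    """Return (line number, directive, issue) tuples for secret-bearing 'add' lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words, balanced = split_words(line)
        if len(words) < 2 or words[0] != "add" or words[1] not in SECRET_DIRECTIVES:
            continue
        issues = [] if balanced else ["unbalanced braces"]
        for value in words[2:]:
            if "{" in value or "}" in value:
                issues.append("brace inside value")
            elif "\\" in value.replace("\\\\", ""):   # drop doubled pairs, look for a leftover
                issues.append("backslash not doubled")
        findings += [(lineno, words[1], issue) for issue in dict.fromkeys(issues)]
    return findings

# Constructed sample; hosts and passwords are made up.
SAMPLE = r"""# lab devices
add method sw1 ssh
add password sw1 {pass\word!} {pass\word!}
add password sw2 {pass\\word!} {pass\\word!}
add password sw3 {pa{ss}
add password sw5 {pa{s}s}
add userpassword sw4 {.Pass6cisco}
"""

if __name__ == "__main__":
    print(lint_cloginrc(SAMPLE))
```
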